Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

Attacks detected targeting sites running the ThemeREX Addons plugin.